Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/21367ddd-c241-44a2-a6e6-1387b1e1fc6f.roa
File:                     21367ddd-c241-44a2-a6e6-1387b1e1fc6f.roa (raw, json)
Hash identifier:          f7m4X3vg2lIrhReny4TG9mJ59C2XZBoOpWSCIR31yR4=
Subject key identifier:   2E:B9:63:FB:7D:80:93:44:65:77:68:40:6F:B0:4E:56:E5:1F:16:BF
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       6C26D96B7A64ABC50E83574D0E33126F00C86704
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/21367ddd-c241-44a2-a6e6-1387b1e1fc6f.roa
Signing time:             Wed 17 Sep 2025 00:51:13 +0000
ROA not before:           Wed 17 Sep 2025 00:51:13 +0000
ROA not after:            Wed 22 Oct 2025 23:59:59 +0000
asID:                     14618
IP address blocks:        54.146.96.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sat 11 Oct 2025 00:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:26:d9:6b:7a:64:ab:c5:0e:83:57:4d:0e:33:12:6f:00:c8:67:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 17 00:51:13 2025 GMT
            Not After : Oct 22 23:59:59 2025 GMT
        Subject: serialNumber=8d22afea1403df8579802729b1518f69bce857a608d1b539815fd23dbb4c5f4b, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:67:83:d8:c3:07:1c:e4:db:5e:79:26:a9:f6:
                    25:ea:44:74:ac:e8:6b:25:c9:d8:f3:ac:2a:99:f6:
                    14:e3:8e:e6:14:e5:f2:c5:b5:4b:45:ca:a4:d5:30:
                    c3:ce:bb:07:40:af:76:f9:07:bf:27:7b:28:1b:a7:
                    96:e5:7c:6c:80:37:e7:ee:f7:57:1f:52:72:af:c3:
                    b7:6a:00:89:d2:7b:60:73:a1:52:bd:c1:83:83:18:
                    f9:3b:bd:72:0a:15:13:0c:40:94:16:e3:bd:c8:12:
                    40:f7:d2:47:5b:1f:cd:03:1c:ff:1b:11:83:5a:57:
                    24:08:d0:99:73:b2:ec:0b:db:2d:58:56:d8:9a:7c:
                    c4:42:e3:3a:5e:2a:a1:6c:d5:3b:f6:f2:11:e9:23:
                    38:6e:e4:bd:43:aa:53:af:26:27:2e:a6:e5:0c:b0:
                    34:df:70:df:f5:d3:ea:bd:b6:bf:42:19:47:20:b0:
                    7a:37:e7:ba:cc:c3:1e:c8:61:10:82:87:25:54:b4:
                    30:ec:6e:ca:7e:f6:ed:04:ac:2a:1c:c6:c5:9d:6f:
                    6e:a2:fb:0b:bd:23:25:06:67:07:62:35:1d:6e:34:
                    21:74:7c:ac:79:1a:3b:f8:6f:a0:d2:70:11:8d:a4:
                    d1:32:a9:2a:57:e0:78:b3:43:76:25:91:5d:1a:db:
                    90:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:B9:63:FB:7D:80:93:44:65:77:68:40:6F:B0:4E:56:E5:1F:16:BF
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/21367ddd-c241-44a2-a6e6-1387b1e1fc6f.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.146.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         54:c3:0d:0d:8e:42:01:fb:05:29:52:b5:60:ac:03:f3:80:80:
         57:75:d1:00:d7:a2:2d:d5:b9:06:86:b7:93:2d:9b:30:db:3f:
         7a:c1:3e:5f:85:45:08:b0:75:01:60:70:05:21:e1:57:ae:e4:
         e2:f1:19:78:92:b5:21:e7:37:cd:7c:b2:82:9c:6e:3e:d3:5d:
         32:ee:d4:15:6e:21:c2:ab:ad:6c:99:2a:fb:1f:99:99:af:dd:
         4b:e8:af:33:e3:16:ff:e3:2a:8a:d1:b5:be:dd:0c:4e:3f:da:
         a3:35:f4:4f:69:85:df:0e:c8:42:a7:71:c2:12:2c:9f:3c:5b:
         c8:b6:5c:d4:3e:20:0a:2e:19:2c:9b:55:1e:f2:a9:8a:bb:e8:
         4e:d6:41:84:98:c8:ea:99:8d:ca:00:58:d9:33:64:fb:e7:2b:
         f4:4b:e2:32:da:97:d3:39:14:fc:89:e1:c7:3a:3c:a0:2b:97:
         0b:cc:a0:22:e2:6f:dc:05:e6:9b:02:2c:b2:6b:9c:47:98:2f:
         e7:f4:c5:78:95:dc:00:a4:df:8a:a2:10:29:cb:25:71:99:8d:
         d3:1a:81:0d:6b:38:43:66:ea:0b:1f:5a:8b:ff:63:f0:36:dc:
         78:0f:33:99:76:5e:f1:c4:75:da:eb:23:cd:3b:62:e0:e4:9a:
         d8:d5:40:0c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUbCbZa3pkq8UOg1dNDjMSbwDIZwQwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTE3MDA1MTEzWhcNMjUxMDIyMjM1OTU5
WjB6MUkwRwYDVQQFE0A4ZDIyYWZlYTE0MDNkZjg1Nzk4MDI3MjliMTUxOGY2OWJj
ZTg1N2E2MDhkMWI1Mzk4MTVmZDIzZGJiNGM1ZjRiMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDqZ4PYwwcc5NteeSap9iXqRHSs6GslydjzrCqZ9hTjjuYU
5fLFtUtFyqTVMMPOuwdAr3b5B78neygbp5blfGyAN+fu91cfUnKvw7dqAInSe2Bz
oVK9wYODGPk7vXIKFRMMQJQW473IEkD30kdbH80DHP8bEYNaVyQI0JlzsuwL2y1Y
VtiafMRC4zpeKqFs1Tv28hHpIzhu5L1DqlOvJicupuUMsDTfcN/10+q9tr9CGUcg
sHo357rMwx7IYRCChyVUtDDsbsp+9u0ErCocxsWdb26i+wu9IyUGZwdiNR1uNCF0
fKx5Gjv4b6DScBGNpNEyqSpX4HizQ3YlkV0a25CvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQULrlj+32Ak0Rld2hAb7BOVuUfFr8wHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzIxMzY3ZGRkLWMyNDEtNDRhMi1hNmU2LTEzODdiMWUxZmM2Zi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAU2kmAwDQYJKoZIhvcNAQELBQADggEBAFTDDQ2OQgH7BSlStWCsA/OAgFd1
0QDXoi3VuQaGt5MtmzDbP3rBPl+FRQiwdQFgcAUh4Veu5OLxGXiStSHnN818soKc
bj7TXTLu1BVuIcKrrWyZKvsfmZmv3UvorzPjFv/jKorRtb7dDE4/2qM19E9phd8O
yEKnccISLJ88W8i2XNQ+IAouGSybVR7yqYq76E7WQYSYyOqZjcoAWNkzZPvnK/RL
4jLal9M5FPyJ4cc6PKArlwvMoCLib9wF5psCLLJrnEeYL+f0xXiV3ACk34qiECnL
JXGZjdMagQ1rOENm6gsfWov/Y/A23HgPM5l2XvHEddrrI807YuDkmtjVQAw=
-----END CERTIFICATE-----